Security update for LibVNCServer

Announcement ID:	SUSE-SU-2020:1922-1
Rating:	important
References:	bsc#1173477 bsc#1173691 bsc#1173694 bsc#1173700 bsc#1173701 bsc#1173743 bsc#1173874 bsc#1173875 bsc#1173876 bsc#1173880
Cross-References:	CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402
CVSS scores:	CVE-2017-18922 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-18922 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-21247 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-21247 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-20839 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-20839 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-20840 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-20840 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-14397 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-14397 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-14398 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-14398 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-14399 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2020-14399 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-14400 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2020-14400 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-14401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-14401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2020-14402 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2020-14402 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Affected Products:	SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Package Hub 15 15-SP1 SUSE Package Hub 15 15-SP2

An update that solves 10 vulnerabilities can now be installed.

Description:

This update for LibVNCServer fixes the following issues:

• security update
• added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak
• LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock()
• LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service
• LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
• LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c
• LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
• LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
• LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c
• LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
• LibVNCServer-CVE-2020-14402,14403,14404.patch fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Package Hub 15 15-SP1
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1922=1
• SUSE Package Hub 15 15-SP2
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1922=1
• SUSE Linux Enterprise Workstation Extension 15 SP1
  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-1922=1
• SUSE Linux Enterprise Workstation Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1922=1

Package List:

• SUSE Package Hub 15 15-SP1 (aarch64 ppc64le s390x x86_64)
  • libvncserver0-0.9.10-4.22.1
  • libvncserver0-debuginfo-0.9.10-4.22.1
  • LibVNCServer-debugsource-0.9.10-4.22.1
• SUSE Package Hub 15 15-SP2 (aarch64 ppc64le s390x x86_64)
  • libvncserver0-0.9.10-4.22.1
  • libvncserver0-debuginfo-0.9.10-4.22.1
  • LibVNCServer-debugsource-0.9.10-4.22.1
• SUSE Linux Enterprise Workstation Extension 15 SP1 (x86_64)
  • libvncclient0-debuginfo-0.9.10-4.22.1
  • libvncclient0-0.9.10-4.22.1
  • LibVNCServer-debugsource-0.9.10-4.22.1
• SUSE Linux Enterprise Workstation Extension 15 SP2 (x86_64)
  • libvncclient0-debuginfo-0.9.10-4.22.1
  • libvncserver0-debuginfo-0.9.10-4.22.1
  • libvncserver0-0.9.10-4.22.1
  • LibVNCServer-debugsource-0.9.10-4.22.1
  • libvncclient0-0.9.10-4.22.1

References:

• https://www.suse.com/security/cve/CVE-2017-18922.html
• https://www.suse.com/security/cve/CVE-2018-21247.html
• https://www.suse.com/security/cve/CVE-2019-20839.html
• https://www.suse.com/security/cve/CVE-2019-20840.html
• https://www.suse.com/security/cve/CVE-2020-14397.html
• https://www.suse.com/security/cve/CVE-2020-14398.html
• https://www.suse.com/security/cve/CVE-2020-14399.html
• https://www.suse.com/security/cve/CVE-2020-14400.html
• https://www.suse.com/security/cve/CVE-2020-14401.html
• https://www.suse.com/security/cve/CVE-2020-14402.html
• https://bugzilla.suse.com/show_bug.cgi?id=1173477
• https://bugzilla.suse.com/show_bug.cgi?id=1173691
• https://bugzilla.suse.com/show_bug.cgi?id=1173694
• https://bugzilla.suse.com/show_bug.cgi?id=1173700
• https://bugzilla.suse.com/show_bug.cgi?id=1173701
• https://bugzilla.suse.com/show_bug.cgi?id=1173743
• https://bugzilla.suse.com/show_bug.cgi?id=1173874
• https://bugzilla.suse.com/show_bug.cgi?id=1173875
• https://bugzilla.suse.com/show_bug.cgi?id=1173876
• https://bugzilla.suse.com/show_bug.cgi?id=1173880